CVE-2018-13405

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 3.16

Description The issue is related to insecure privilege management in the inode init owner function of the Linux kernel. This allows an attacker to access confidential data, compromise its integrity, and cause a denial of service. Specifically, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group, the non-member can create a plain file with the group ownership of that group, potentially leading to privilege escalation by making the file executable and SGID.

Recommendations For Linux kernel versions through 3.16, consider restricting access to the inode init owner function until a patch is available, or apply configuration changes to limit the impact of the insecure privilege management. At the moment, there is no information about a newer version that contains a fix for this vulnerability.